.env

#### Part-DB Configuration
# See https://docs.part-db.de/configuration.html for documentation of available options

###################################################################################
# Database settings
###################################################################################

# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
# IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml

# Use a file (SQLite) as database. For bigger instances you should use a real database server (like MySQL)
DATABASE_URL="sqlite:///%kernel.project_dir%/var/app.db"

# Uncomment this line (and comment the line above to use a MySQL database
#DATABASE_URL=mysql://root:@127.0.0.1:3306/part-db?serverVersion=5.7

# Set this value to 1, if you want to use SSL to connect to the MySQL server. It will be tried to use the CA certificate
# otherwise a CA bundle shipped with PHP will be used.
# Leave it at 0, if you do not want to use SSL or if your server does not support it
DATABASE_MYSQL_USE_SSL_CA=0

# Set this value to 0, if you don't want to verify the CA certificate of the MySQL server
# Only do this, if you know what you are doing!
DATABASE_MYSQL_SSL_VERIFY_CERT=1

# Emulate natural sorting of strings even on databases that do not support it (like SQLite, MySQL or MariaDB < 10.7)
# This can be slow on big databases and might have some problems and quirks, so use it with caution
DATABASE_EMULATE_NATURAL_SORT=0

###################################################################################
# General settings
###################################################################################

# The public reachable URL of this Part-DB installation. This is used for generating links in SAML and email templates or when no request context is available.
DEFAULT_URI="https://partdb.changeme.invalid/"

###################################################################################
# Email settings
###################################################################################

# The DSN of the email server that should be used for sending emails (disabled by default)
# See Transport section of https://symfony.com/doc/current/components/mailer.html for available providers and syntax
MAILER_DSN=null://null
#MAILER_DSN=smtp://user:password@smtp.mailserver.invalid:587

# The email address from which all Part-DB emails should be sent. Change this when you configure email!
EMAIL_SENDER_EMAIL=noreply@partdb.changeme
# The sender name which should be used for all Part-DB emails
EMAIL_SENDER_NAME="Part-DB Mailer"
# Set this to 1 to allow reset of a password per email
ALLOW_EMAIL_PW_RESET=0

###################################################################################
# Error pages settings
###################################################################################

# You can set an email address here, which is shown on an error page, how to contact an administrator
ERROR_PAGE_ADMIN_EMAIL=''
# If this is set to true, solutions to common problems are shown on error pages. Disable this, if you do not want your users to see them...
ERROR_PAGE_SHOW_HELP=1

###################################################################################
# Update Manager settings
###################################################################################

# Disable web-based updates from the Update Manager UI (0=enabled, 1=disabled).
# When disabled, use the CLI command "php bin/console partdb:update" instead.
DISABLE_WEB_UPDATES=1

# Disable backup restore from the Update Manager UI (0=enabled, 1=disabled).
# Restoring backups is a destructive operation that could overwrite your database.
DISABLE_BACKUP_RESTORE=1

# Disable backup download from the Update Manager UI (0=enabled, 1=disabled).
# Backups contain sensitive data including password hashes and secrets.
# When enabled, users must confirm their password before downloading.
DISABLE_BACKUP_DOWNLOAD=1

###################################################################################
# SAML Single sign on-settings
###################################################################################
# Set this to 1 to enable SAML single sign on
# Be also sure to set the correct values for DEFAULT_URI
SAML_ENABLED=0

# Set to 1, if your Part-DB installation is behind a reverse proxy and you want to use SAML
SAML_BEHIND_PROXY=0

# A JSON encoded array of role mappings in the form { "saml_role": PARTDB_GROUP_ID, "*": PARTDB_GROUP_ID }
# The first match is used, so the order is important! Put the group mapping with the most privileges first.
# Please not to only use single quotes to enclose the JSON string
SAML_ROLE_MAPPING='{}'
# A mapping could look like the following
#SAML_ROLE_MAPPING='{ "*": 2, "admin": 1, "editor": 3}'

# When this is set to 1, the group of SAML users will be updated everytime they login based on their SAML roles
SAML_UPDATE_GROUP_ON_LOGIN=1

# The entity ID of your SAML IDP (e.g. the realm name of your Keycloak server)
SAML_IDP_ENTITY_ID="https://idp.changeme.invalid/realms/master"
# The URL of your SAML IDP SingleSignOnService (e.g. the endpoint of your Keycloak server)
SAML_IDP_SINGLE_SIGN_ON_SERVICE="https://idp.changeme.invalid/realms/master/protocol/saml"
# The URL of your SAML IDP SingleLogoutService (e.g. the endpoint of your Keycloak server)
SAML_IDP_SINGLE_LOGOUT_SERVICE="https://idp.changeme.invalid/realms/master/protocol/saml"
# The public certificate of the SAML IDP (e.g. the certificate of your Keycloak server)
SAML_IDP_X509_CERT="MIIC..."

# The entity of your SAML SP, must match the SP entityID configured in your SAML IDP (e.g. Keycloak).
# This should be a the domain name of your Part-DB installation, followed by "/sp"
SAML_SP_ENTITY_ID="https://partdb.changeme.invalid/sp"

# The public certificate of the SAML SP
SAML_SP_X509_CERT="MIIC..."
# The private key of the SAML SP
SAML_SP_PRIVATE_KEY="MIIE..."


######################################################################################
# Other settings
######################################################################################
# In demo mode things it is not possible for a user to change his password and his settings.
DEMO_MODE=0

# When this is set to 1, users can make Part-DB directly download a file specified as a URL from the local network and create it as a local file.
# This allows users access to all resources available in the local network, which could be a security risk, so use this only if you trust your users and have a secure local network.
ALLOW_ATTACHMENT_DOWNLOADS_FROM_LOCALNETWORK=0

# Change this to true, if no url rewriting (like mod_rewrite for Apache) is available
# In that case all URL contains the index.php front controller in URL
NO_URL_REWRITE_AVAILABLE=0

# Set to 1, if Part-DB should redirect all HTTP requests to HTTPS. You dont need to configure this, if your webserver already does this.
REDIRECT_TO_HTTPS=0

# Set this to zero, if you want to disable the year 2038 bug check on 32-bit systems (it will cause errors with current 32-bit PHP versions)
DISABLE_YEAR2038_BUG_CHECK=0

# Set the trusted IPs here, when using an reverse proxy
#TRUSTED_PROXIES=127.0.0.0/8,::1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
#TRUSTED_HOSTS='^(localhost|example\.com)$'


###> symfony/lock ###
# Choose one of the stores below
# postgresql+advisory://db_user:db_password@localhost/db_name
LOCK_DSN=flock
###< symfony/lock ###

###> nelmio/cors-bundle ###
CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
###< nelmio/cors-bundle ###

###> symfony/framework-bundle ###
APP_ENV=prod
APP_SECRET=a03498528f5a5fc089273ec9ae5b2849
APP_SHARE_DIR=var/share
###< symfony/framework-bundle ###